I'm building a virtual Ubuntu Server (LXC on Proxmox) that shall act as a router and tunnel some devices (e.g. Apple TV) of my local network through a VPN (ExpressVPN).
Connecting and routing to different VPN destinations (different countries) is working.
But some services still know that I'm not calling from the country the VPN server is standing in. (I think it's called DNS leaking???)
That's because my client, let's say the Apple TV box, uses e.g. 1.1.1.1 as DNS. It doesn't know the DNS server the VPN server published to my gateway.
To prevent that from happening I'd like to use the VPN's DNS service I receive when connecting. I pointed the Apple TV to my gateway as DNS and wrote some iptables rules to DNAT the requests to the DNS servers provided by the VPN server. (Hope that makes sense.)
# Route DNS traffic: rewrite queries the LAN clients send to the gateway (x.x.x.x, port 53)
# so they go to the DNS server pushed by the VPN server (10.54.0.1) instead.
iptables -t nat -A PREROUTING -p tcp --dst x.x.x.x --dport 53 -j DNAT --to-destination 10.54.0.1:53
iptables -t nat -A PREROUTING -p udp --dst x.x.x.x --dport 53 -j DNAT --to-destination 10.54.0.1:53
That works well.
Question
How do I automatically generate these rules when establishing the OpenVPN connection? The specific DNS address will change when connecting to another VPN station (e.g. a different country). Or is there a better solution?
I was thinking about putting it in the update-systemd-resolved script, but that seems way too complicated. I assume there is an easy way to go about it.
I'm thankful for any hint.
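One way to do what the post asks, as an added example that is not part of the original post: an OpenVPN `up`/`down` hook that reads the DNS server the VPN server pushed and installs the DNAT rules for it. OpenVPN exports every pushed `dhcp-option` to the script as `foreign_option_1`, `foreign_option_2`, ... (e.g. `foreign_option_1="dhcp-option DNS 10.54.0.1"`) and sets `script_type` to `up` or `down`. The interface name `eth0`, the script path `/etc/openvpn/vpn-dns.sh` and the chain name `VPN_DNS` are assumptions for the example. Unlike the rules in the post, it matches every port-53 query arriving on the LAN interface regardless of the destination the client asked for, so a client with a hard-coded resolver like 1.1.1.1 is redirected too.

```shell
#!/bin/sh
# Added example, not code from the original post.
# OpenVPN --up/--down hook: DNAT LAN DNS queries to the DNS server pushed by the VPN.
# Assumed client config (paths are hypothetical):
#   script-security 2
#   up   /etc/openvpn/vpn-dns.sh
#   down /etc/openvpn/vpn-dns.sh
set -u

LAN_IF="${LAN_IF:-eth0}"      # hypothetical: interface facing the Apple TV and other clients
CHAIN="VPN_DNS"               # own nat chain, so "down" can flush it without knowing the old IP
IPTABLES="${IPTABLES:-iptables}"

# Read "dhcp-option ..." lines from stdin and print the IP of every "dhcp-option DNS <ip>".
parse_dns_options() {
    while IFS= read -r opt; do
        case "$opt" in
            "dhcp-option DNS "*) echo "${opt#dhcp-option DNS }" ;;
        esac
    done
}

# Print foreign_option_1, foreign_option_2, ... (the options OpenVPN exports to the hook).
pushed_options() {
    i=1
    while eval "[ -n \"\${foreign_option_$i:-}\" ]"; do
        eval "echo \"\$foreign_option_$i\""
        i=$((i + 1))
    done
}

# Print the iptables commands that send all UDP and TCP port-53 traffic coming in on
# $LAN_IF to the given DNS server, whatever resolver the client originally asked for.
dns_rules() {
    dns="$1"
    printf '%s\n' \
      "$IPTABLES -t nat -N $CHAIN 2>/dev/null || true" \
      "$IPTABLES -t nat -F $CHAIN" \
      "$IPTABLES -t nat -C PREROUTING -i $LAN_IF -j $CHAIN 2>/dev/null || $IPTABLES -t nat -A PREROUTING -i $LAN_IF -j $CHAIN" \
      "$IPTABLES -t nat -A $CHAIN -p udp --dport 53 -j DNAT --to-destination $dns:53" \
      "$IPTABLES -t nat -A $CHAIN -p tcp --dport 53 -j DNAT --to-destination $dns:53"
}

# Only act when OpenVPN calls us; sourcing the file for tests does nothing.
case "${script_type:-}" in
    up)
        # Several DNS servers may be pushed; the first one is used for the DNAT target.
        dns=$(pushed_options | parse_dns_options | head -n 1)
        if [ -z "$dns" ]; then
            echo "vpn-dns: server pushed no DNS option, leaving rules untouched" >&2
            exit 0
        fi
        dns_rules "$dns" | sh -e
        ;;
    down)
        # Flush the chain so LAN DNS goes back to normal routing once the tunnel is gone.
        $IPTABLES -t nat -F "$CHAIN" 2>/dev/null || true
        ;;
esac
```

OpenVPN allows only one `up` directive, so if `update-systemd-resolved` is also in use, call this script from a small wrapper that runs both. Two caveats a practitioner would want: the DNAT only catches plain DNS on port 53, so a client that speaks DNS-over-HTTPS or DNS-over-TLS (ports 443/853) still bypasses it, and the pushed DNS server is normally reachable only through the tunnel, so the forwarding and masquerade rules that already carry the VPN traffic must also cover the redirected queries.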